Overview.

Accountability We are responsible for the protection of personal data entrusted to us.

Transparency We inform users about the collection and processing of their personal data, and use it fairly.

Proportionality We collect and use personal data for specific legitimate purposes. We collect what we need to get our job done.

Control We offer users choices regarding the use of their personal data, and honor their preferences for contacting them.

Security & Retention We apply technical, physical and organizational measures to ensure an appropriate level of security for the personal data in our custody. We retain it as needed for its intended purposes.

Third Parties We carefully choose vendors, service providers and other third parties with whom we share personal data and require them to commit to standards that we consider adequate.

Introduction.

SharpSpring Service SharpSpring provides a suite of marketing automation services related to various forms of marketing and customer interaction, email marketing, storage capabilities, and lead analytics that relies on proprietary tools, technology and know-how (collectively, “Service”). The Service is provided to businesses or agencies (“Customers”) pursuant to services agreement and subject to the payment of a fee for such Service. The Service is provided through a restricted area accessible to Customers only, from the www.sharpspring.com, app.sharpspring.com, or *.marketingautomation.services websites.

SharpSpring Platform In connection with the promotion of the SharpSpring Service, SharpSpring has developed and operates the SharpSpring website, specialized content, reports, software applications, social media pages, and uses other means of interacting with individuals about the SharpSpring Service, such as emails, newsletters, or phone calls, marketing events and participation at trade shows. All such methods of promotion and sale of the SharpSpring Service are designated as the “Platform”.

Operator The operator of the Platform and provider of the SharpSpring Service is SharpSpring, Inc., located at 5001 Celebration Pointe Avenue, Suite 410,Gainesville, FL, and its subsidiaries including SharpSpring Technologies Inc and Interinbox SA (“SharpSpring” or “we,” “us,” “our”).

Definitions.

“Customer” means a business that is, has been, or is about to become a paying or trial customer of SharpSpring for the purpose of using the SharpSpring Service.

“Visitor” means an individual who visits the Platform, and who may be seeking information about the Service.

“Lead” means a visitor who has expressed interest in our products or services, for example by filling out a form or providing a business card to request information, a white paper, or a demo of the Platform, or interacts with us in any manner about our Service, for example in emails, phone calls or through in person interaction.

“Customer Representative” means an individual who acts on behalf of a Customer, and who uses or interacts with SharpSpring or the Platform in such capacity.

“User” or “you” or “your” means a visitor, a lead, or a Customer Representative.

Scope.

SharpSpring Platform This Privacy Notice applies to the handling of personal data by SharpSpring that SharpSpring collects on or through its Platform and for its own purposes, when individual users interact when the Platform, for example by using the SharpSpring website, calling us, sending requests for information, or visiting our booth at trade shows.

Customers’ Use of our Service is Not Subject to this Privacy Notice This Privacy Notice does not apply to the collection or processing of personal data that occurs when our Customers use the Service for their own purposes. The collection and processing of personal data by our Customers when they use our Service is subject to the privacy policy of these Customers, as posted on their websites. We do not control the type of information that our Customers may choose to collect or manage using our Service. That information is owned by them, and it is used, disclosed, and processed by them, or on their behalf, in accordance to their instructions, and their own policies. We are not responsible for our Customers’ use of personal data that they collect using our Service.

Third Party Services This Privacy Notice also does not apply to any third-party website, service or social media button (“Third Party Service“) that may be linked to the Platform, such as links to an article or social networking buttons (for example, Facebook or Twitter). We have no control over, and are not responsible for, their data collection and/or handling practices. We encourage you to be aware when you leave our Platform. We also encourage you to read the privacy statements of these third-party Services. The inclusion of a link to a third party’s Service does not imply that we endorse any of the third party’s products, services or data handling practices; or that this Privacy Notice covers the third parties’ products, services or practices.

Updates and Changes to Privacy Notice.

Each time you access the Platform, the then-current version of this Privacy Notice will apply. We recommend that you periodically check this page and the date of the posted Privacy Notice, and review any changes since the last time you used the Platform.

We will review and update this Privacy Notice periodically in response to changing legal, technical, market, and business developments. When we update this Privacy Notice, we will note the date of its most recent revision above. We will take appropriate measures to inform all users in a manner that is consistent with the significance of the changes we make, and is in accordance with applicable law.

Your continued access to or use of the Platform after we have posted changes to this Privacy Notice on this page as set forth above, and have otherwise complied with the applicable laws regarding changes in the notice, will indicate that you agree to be bound by such changes.

If you do not agree with such changes, you should cease accessing or using the Platform and seek the deletion of your information by contracting use as described below. In some cases, your actual consent will be required, and in this case this paragraph will have no effect.

Information Collection Practices.

We collect a variety of information as listed below as needed to operate our business, and for the legitimate interest of our business, including for marketing purposes, to the extent permitted by applicable law. Our website and other publicly facing services and applications are primarily intended for interaction in the business environment. Our information collection practices are focused on the business context, and the careful and limited identification of leads and prospects for our sales efforts.

These data include:

Log Data

When a user uses, or interacts with our Platform, or clicks on a link that directs the user to our Platform, the user’s browser automatically provides, and we automatically collect and store, certain information about the user’s device (computer, tablet, smartphone) and the user’s activities. This includes:

We collect this data for the proper operation of our Platform. Until the user becomes a “lead” this data cannot be linked to a specific individual.

Traffic Data Data generated by the use of the Platform also include:

Information about use of the Platform: date stamp, URL of the visited page, URL of the last webpage visited before visiting our Platform or a website using our Platform. URL of the last webpage visited before visiting our Service.

We collect this data to understand how our Platform is used and to create statistics on the use of our Platform. Until the user becomes a “lead” this data cannot be linked to a specific individual.

Lead Data If a visitor interacts with us, for example, to inquire about a product or service, the visitor becomes a lead. In these cases, we will collect information provided to us through the form or questionnaire used to make the request, or the contact or other information provided at a trade show or industry event. The information is provided directly and voluntarily by the individual. Depending on the circumstances, the information may include:

First and Last Name

Name of the business

Email address

Street address, city, state, province and/or country

Telephone number

Website URL

Social Media Handles

Mobile Number

We collect this data for sales and marketing purposes to allow us to respond to a request from a lead so that we may provide information about our Service.

Customer Representative Data When a Customer has purchased the Service, we create an account on our Platform, in the name of the Customer. The Customer has the ability to create one or several accounts. For each authorized Customer Representative allowed to use these accounts, we request:

First and Last Name

Name of the company for which the Service is purchased

Email address

Street address, city, state, province and/or country

Telephone number

Website URL

It may also include, at the individual’s option

Social Media Handles

Mobile Number

Only the minimum amount of information necessary to operate or manage the account is mandatory. The Customer Representative may elect to provide additional information, which we may use to enhance the Service, for example by offering access to social media accounts through the Service.

To access the Customer account, the registrant is required to choose a password.

Information the User Makes Public The Platform contains features that allow certain users to upload, post, transmit, display, perform, or distribute content, or other information, including their Personal data. Any information that the user chooses to disclose by means of such features may become public information.

SharpSpring is unable to exercise control over this information once the user has made it public. You should exercise caution when deciding to disclose your Personal data by means of such features, and you are solely responsible for any uses or misuse of such information.

Publicly Available Information We supplement information that we receive directly from the user or the user’s equipment with additional information that is available from public sources, in public records, or other publicly available databases or from information that the user has made public, for example, in tweets or Facebook posts.

Payment Information When a Customer pays for the Service, we collect the method of payment, date and amount of the payment. If the Customer pays with a credit card, this information is transmitted directly to our payment processor, and we do not retain the detail of the payment information other than the Transaction ID number. After payment card information is entered, we do not have access to payment card information and disclaim any liability for any loss or compromise of payment card information. When you make a payment, you agree to terms of our payment processor.

In the case of an ongoing relationship, we retain information about the Customer’s payment history as necessary for the administration of the Customer account.

Communication from Users When a visitor or lead completes an online form, visits our website or other areas of our Platform (for example on social media), or when a user otherwise contacts us, by email, phone or text, we automatically collect and store certain information about that user and the user’s activities, as we receive from such user, for example:

The user’s name and contact information.

Information that the user provides to us.

The user’s company information, if any.

The nature of the communication.

The purpose of the interaction, and the action we took in response to the user’s inquiry or request.

Any action the user takes upon receipt of such communication (for example, whether the user registers to attend an event that we offer, or request to receive documentation).

The information collected in connection with each type of interaction is retained so that SharpSpring and each user can continue interaction with the requestor for marketing and sales purpose and the promotion of our Service.

Communications to Users Unless we are prohibited by applicable law from using cookies and a user has not otherwise consented to our use of cookies, we insert cookies in some of our correspondence with users.

In that case, when we send an email message to a user, our message contains images or links, which when viewed or clicked, will register an event with us that allows us to know whether the user has accessed or declined to open our message. This action may also store a cookie which will allow us to count unique clicks or visits and potentially track the recipient.

This information is needed for our legitimate business purposes, because it helps us understand how the individual reacts to our communications and limit the amount and nature of information provided. We believe that such means are fair, lawful, and proportional to the legitimate interest and needs of our business, and that our methodology fairly addresses each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected.

The information is collected in connection with our marketing efforts and is retained so that we can continue or elect to stop interaction with the lead.

We do not want to intrude in your busy life or waste your time. If at any time you wish that we cease to communicate with you, please contact us as indicated in the “How to Contact Us” section, or take advantage of the unsubscribe link that you will find in any of our written electronic communications.

Surveys and Contests From time-to-time, we invite users to participate in surveys or contests. Participation is voluntary. These surveys are organized for the purposes of our marketing efforts.

When a user participates, we request certain personal data such as name and email address. This is necessary to ensure that responses are categorized properly and are not duplicated

Depending on the nature of the survey or contents, we also use this information to send the survey results to the participants, or, if applicable, to notify contest winners and award prizes.

We use the information obtained from these surveys and contests in aggregate form, for analytics purposes, to understand our market, to monitor site traffic or app usage, or to modify our Platform or our Service to meet the needs or interests of users.

If we use a third-party service provider to conduct these surveys, the information collected by the service provider may be subject to both the service provider’s privacy policy and SharpSpring’s. We will provide information about the applicable privacy policies with the Survey rules and will seek your explicit consent to these rules when required by law. You should read the terms of the survey or contest to understand the extent to which the service provider is allowed to use or reuse the information collected.

Social Media Our Platform offers integrations with third-party social media platforms like Facebook, Twitter, and LinkedIn. These services collect your IP address and which page you are visiting on our Platform. They may set a cookie to enable their features to function properly. Social media features and widgets are hosted by a third party or directly on our website. Your interactions with these features are governed by the privacy policy of the company providing the feature.

Your use of these services is optional. If you elect to use them, you will be deemed to have expressly consented to the collection of personal data by these services according to their terms.

Information we Obtain from Third Parties We receive information from third party data providers including directories. In some cases, such as LinkedIn, the information has manifestly been made public by the individuals who posted their profile on LinkedIn, and we assume that the individuals no longer have a privacy interest in such information, and it can be used for the legitimate interest of SharpSpring in learning about potential Customers.

Email Accounts Users may opt-in to use features of the Platform which regularly collect and store the contents of emails from their email accounts, which are hosted by third-party email service providers. This is done for the purpose of providing advanced features of the Platform and is only done at the user’s express direction.

In order to provide these features, the Platform must authenticate with the user’s third-party email accounts. When possible, this is done using OAuth.

For example, the Platform will use OAuth to securely authenticate with a user’s particular email account. Once authenticated, the OAuth authentication, or “bearer” token, is encrypted and stored, and is used on subsequent requests to prove authentication. When OAuth is not possible, we encrypt and store the user’s third-party email account credentials, and thereafter use them to securely authenticate with the third-party email service.

Access to email account authentication tokens and credentials (where applicable), the keys to decrypt this data, and user email content, is limited to only employees who need access to support and develop the Platform and only within the scope of their job responsibilities. The user’s authentication tokens or credentials, and email data, is never shared with third-parties.

For users who authorize and use OAuth with their Gmail account through Google, the use of data obtained through the Platform will comply with Google’s additional Restricted Scopes requirements that are listed in the Google API Services: User Data Policy. The details of the this policy can be found at: https://developers.google.com/terms/api-services-user-data-policy#additional-requirements-for-specific-api-scopes. As this policy is subject to change based on the needs of Google, it is recommended that users regularly check on updates to the policy at the above attached web address.

How Information is Collected.

The information is collected through several different means described below. We believe that such means are fair, lawful, and proportional to the legitimate interest and needs of our business, and that our methodology fairly addresses each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected.

However, please be assured that we do not want to intrude in your busy life or waste your time. If at any time you wish that we cease any form of collection or processing of information about you, please contact us as indicated in the “How to Contact Us” section.

Information Provided by the User’s Device Some information is provided automatically by the user’s device or browser. This includes, for example, browser and device version information.

Information Obtained when a User Downloads and Uses our App. When a user downloads and uses ourApp, we may track and collect usage data, such as the date and time the App accesses our servers, and what screens or pages were accessed.

Direct Contact by the User Some information is provided directly by the user. This includes, for example, information provided by a user:

When requesting information about one of our products or services.

By completing a questionnaire, a form or a survey.

When placing a call to us and requesting assistance from us.

By visiting with us at an industry event.

By registering to attend a seminar or webinar.

By requesting a copy of a newsletter or white paper.

When subscribing to marketing communications.

When requesting support.

During phone calls with a sales representative.

User’s Activity on a Third-Party Site When a lead uses a third-party website that has integrated SharpSpring forms or tracking code, the information submitted on these forms, and the pages visited on these websites, will be recorded by our Platform.

Social Media When a social media account is connected to a user’s account on our Platform, we ask the user’s permission to access certain information about the user’s social media account, activities and friends. Social media sites make information available to all apps through their APIs, such as friend lists. The information we receive depends on what information the user or the social media site decides to share with us.

Public Sources Some information is obtained from public records and publicly available databases.

Third Parties Some information is provided by joint marketing partners and third-party providers who have confirmed that they have the right to share such information.

Cookies, Pixel Tags and Other Technologies.

Some information is collected through cookies. Cookies, pixel tags and other tracking technologies are used on our Platform to ensure that it functions properly and to give users a more personalized experience. Cookies can be “first party cookies” (served by us) or “third parties cookies” (served by others).

For additional information about our use of cookies and other similar tracking technologies, please see our Cookie Policy.

We, our service providers, and any ad networks who help us deliver relevant ads to users may use cookies, pixel tags (also known as web beacons and clear, or transparent GIFs), and other similar technologies to measure and track general user activities on our Site, and on third party websites.

In some countries, we are not permitted to send cookies other than necessary cookies to the browser of a user without the prior consent of the affected user. In this case, we will seek such consent. The remainder of this section assumes that either the use of cookies is not restricted by applicable law, or if it is restricted, that the individual has explicitly consent to the use of cookies.

Information provided by these cookies are essential to help us provide our Platform in a manner that it adapted to each user’s specific needs, for example, to allow identifying the country where the user is located, so that we can present our website in the appropriate language.

We believe that such means are fair, lawful, and proportional to the legitimate interest and needs of our business, and that our methodology fairly addresses each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected.

Third-party analytics services, including Google Analytics provided by Google Inc. (“Google”) and Pendo use cookies and similar technologies to analyze how visitors use our Platform and for compiling statistical reports.

Information Use and Disclosure.

We use the data collected for the legitimate interest of our business as follows:

Aggregated Data We use traffic data in aggregated form to better understand the interests and needs of our visitors and leads, and how they are using our Platform. By identifying patterns and trends in usage, we are able to better design the Platform and marketing material to serve more relevant and useful content.

We use log data and demographic data in aggregated form to better understand the needs or interests of our visitors which helps us to create more appropriate marketing material and better tailored communication.

Social Media When we are permitted to do so, we use Third Party Social Media Account Data in accordance with this Privacy Notice and the privacy policies of third party social media companies, such as Facebook and Twitter to understand how SharpSpring is being discussed online, and to engage with customers, leads or potential customers on social media.

As part of our Marketing Efforts We use Contact Data that a visitor or lead has provided to provide requested information concerning the Platform or the Service in response to the request.

As part of our Sales Effort We keep a record of our interaction with visitors, leads, and Customer Representatives, and of their requests to:

Keep records of contact information and correspondence.

Send relevant marketing information and market research surveys.

Communicate with the user about our activities.

Send invitations to events that may be of interest to the user in accordance with the user’s preferences or apparent interests.

To Interact with Customers We use Contact Data that a Customer Representative has provided to respond to:

A request for assistance (for example a request for support).

Provide requested information concerning their account.

Provide or Facilitate the Use of the Platform We use information about a user to:

Provide the products, services, or documents requested by the user.

Fulfill purchases of our services.

Respond to users’ requests, or respond to comments or questions.

Provide service and support to Customer Representatives.

Diagnose server problems and administer the Platform or the Service.

Follow up with Customer Representatives and help resolve issues internally or with our third-party partners.

We use information about a user’s device to ensure that our Platform functions properly and is optimized for that user’s device.

For Financial and Accounting We use financial data provided by a lead during the sales process to verify their qualifications for certain features of the Platform and, after the lead becomes a Customer Representative, to bill the Customer as applicable.

For our Business Operations

To send administrative information to the user.

To respond to our users’ preferences or interests or expedite the processing and completion of a transaction.

Allow the user to navigate or browse through our Platform quickly and efficiently.

To Adapt our Website and Apps to the User’s Needs

To remember the user’s preference, such as language or font size.

For Security Purposes We use information about our Customer Representatives, and in some cases visitors, to perform data analysis, audits, security and fraud monitoring and prevention; enhance, improve, or modify our Platform or Service.

We use IP Addresses for administration and security purposes, such as calculating usage levels of our Platform or Service, help diagnose server problems, and detect fraud, spam or other disruptive or destructive behavior.

For Statistical and Research Purposes We use aggregated Traffic Data and information gathered using cookies, to create reports on trends in the usage of the Platform or Service and to determine the effectiveness of our promotional campaigns.

We study collected information in aggregated and anonymized format to determine our users’ needs, promote certain products or services, or additional support to optimize our marketing and ad targeting efforts. For example, we may compile statistics on the percentage of our users in a state or country who have a specific interest or purpose, or to design advertisements or to develop new features that appear on our Platform.

Sharing with Third Parties.

Except as described below, SharpSpring will not share or disclose a user’s personal data with third parties. We believe that such practices are fair, lawful, and proportional to the legitimate interest and needs of our business, and that our practices fairly address each user’s legitimate rights and expectations in view of the context and purpose for the collection and use of the information collected, are not intrusive or contrary to users’ legitimate rights.

We do not want to intrude in your busy life or waste your time. If at any time you wish that we cease any activity that affects you, please contact us as indicated in the “How to Contact Us” section.

Disclosure to Marketing Partners When general laws allow us to do so, we use any Personal data to better understand the demographics of our target audiences, and to support our marketing data products and services.

When this is not prohibited by applicable laws, we also provide personal information to partner firms which may include third-party marketing companies, affiliates, advertising agencies, and data aggregation companies. These partner firms use this information to determine the interest levels of leads on products and services in accordance with this Privacy Notice.

In countries where such activities are not permitted without the prior explicit consent of the individuals, we refrain from conducting these activities.

For clarity, we do not share or disclose personally identifiable information (PII) to partner firms.

Service Providers We share information with our suppliers, subcontractors, and other third parties who provide services to us (collectively “service providers”) in connection with advertising, hosting, data analytics, information technology and infrastructure, order fulfillment, email delivery, auditing, and other related activities.

Our service providers are given only the information they need to perform their designated functions. Our contracts with each service provider prohibits them from using or sharing with others, the information that we provide to them, or that they collect directly from our users for other purposes than as directed by us.

Analytics We use automated devices and applications, such as Google Analytics, to evaluate use of our Platform. Analytics service providers use cookies and other tracking technologies to perform their services. For more details, please review the “Cookies” section.

Social Media Networks The Platform includes links to third-party websites and social media networks (“Third Party Services”) where a user is able to post or share comments, reviews or other information for example, forwarding an article, tweeting about a sale, or clicking on a Facebook button. To do so, you must connect your SharpSpring account with your Third-Party Service account (for example, your Facebook account). In such case, you authorize SharpSpring to share information with Facebook, and you agree that the use of the information we share with Facebook will be governed by the Facebook privacy policy.

Please note that the information or comments that are posted on SharpSpring may be collected and shared by these Third-Party Services, and your information or comments that are posted or disclosed through these Third-Party Services may become available to SharpSpring, other SharpSpring users, or the public.

Events Some of our events may be organized and hosted through a service provider, or in cooperation with unaffiliated organizations. These entities may require attendees to these events to provide information such as name, email address, and/or phone number as part of the registration process. We cannot control their collection or use of this information. We encourage you to read the privacy statements of these third parties because they control how such entities handle the information that you provide at the time of registration.

Trade shows We participate in trade shows that are organized by third parties. These entities may require attendees to these events to provide information such as name, email address, and/or phone number as part of the registration process. We cannot control their collection or use of this information. We encourage you to read the privacy statements of these third parties because they control how such entities handle the information that you provide at the time of registration.

If a user visits our booth at a trade shows, and provides us with contact information or a business card, we assume that the user intends to establish a commercial relationship with us, and invites us to provide marketing documentation or interact with that user for the purpose of discussing our Service.

Affiliates Entities We share information with entities that are under common ownership or control of our parent company (“Affiliates”). Subject to local requirements, this information may be used to provide services offered by our Affiliates and for the purposes described in this Privacy Notice. Affiliates may share information about users for direct marketing purposes, but only in accordance with each user’s choices or preferences.

Payment Processing We work with a payment processing company to process credit card payments. If you make any payment to us, our payment processing provider will store on our behalf your full name and credit card details.

Fraud Prevention and Protection of Legal Rights We may use and disclose information to the appropriate legal, judicial or law enforcement authorities and our advisors and investigators when (i) we believe, in our sole discretion, that disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of SharpSpring, users, or others; (ii) a user has abused the Platform or Service or gained unauthorized access to any system, engaged in spamming, denial of service attacks, or similar attack; (iii) to exercise or protect legal rights or defend against legal claims; (iv) to allow us to pursue available remedies or limit the damages that we may sustain.

Law enforcement We may have to disclose user information if a court, law enforcement or other public or government authority with appropriate jurisdiction requests that we provide that user’s information, and such request is made using the method required by law in the applicable jurisdiction, such as a search warrant, subpoena, or a court order, and we believe that such request is valid.

Corporate Reorganization We may transfer users’ information to a third party in case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset or stocks, including in the event of bankruptcy or corporate restructuring. Except as otherwise provided by a bankruptcy or other court, the use and disclosure of all transferred user information will be subject to the policies described in this Privacy Notice. Any information that a user submits or that is collected after that transfer may be subject to a new privacy policy adopted by the successor entity.

Crossborder Transfer of Information.

We provide a global Platform and Service. Subject to applicable law, information that we obtain from or about users may be processed or transferred to data centers located throughout the world. The standards and laws that apply to the protection of personal data in these countries might be different from that which is afforded in the country where a user is located.

SharpSpring has chosen to participate in the Privacy Shield program and to certify its adherence to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework and their respective Principles and Supplemental Principles (“Principles”). Please see also our EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Policy. [https://sharpspring.com/legal/us-eu-privacy-notice/]

Security.

Security of Personal Data We use commercially reasonable technical, organizational, and administrative safeguards to protect information within our control against unauthorized or unlawful access, use, modification, destruction, processing or disclosure, and against accidental loss, destruction, or damage. We believe that these measures are reasonably adapted to the nature of the information in our custody.

We limit access to our users’ personal data to only those employees and third parties who reasonably need access to it to perform the activities attached to their job responsibilities.

However, due to the realities of data security, no security system or storage system can be guaranteed to be 100% effective or secure. Thus, we cannot guarantee that any information provided to us or collected by us will not be accessed, hacked, disclosed, altered, or destroyed by unauthorized parties.

Breach of Security In the event that we become aware of a security breach which we believe has resulted, or may result, in the unauthorized access, use, or disclosure of non-public personal information of users, we will promptly investigate the matter and notify the applicable parties of such breach. Such investigation will be without delay, consistent with (i) the legitimate needs of law enforcement; (ii) measures necessary to determine the scope of the breach; (iii) efforts to identify the individuals affected; and (iv) steps to restore the reasonable integrity of our Platform.

If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us might have been compromised), or if you suspect someone else is using your account, please let us know immediately by contacting us as indicated in the “How to Contact Us” section.

Lost or Stolen Information You must promptly notify us if your credit, bank, other financial institution information, username, or password is lost, stolen, or used without permission. In such an event, we will assist you in updating your account details.

Data Retention.

We will retain personal data we collect from you where we have justifiable business need to do so, and/or for as long as it is needed to fulfill the purposes outlined in this Privacy Notice, unless a longer retention period is required by law, such as for tax, legal, or accounting purposes.

You can request deletion of your personal data at any time, and we will consider your request in accordance with applicable laws.

When we have no justifiable business need to process your personal data, we will either delete it or anonymize it, or if it not possible (for example, because your personal data has been stored in backup archives), we will securely store your personal data and isolate it from any further processing until deletion is possible.

Advertising Cookies.

Cookies You may choose to block our Platform and other sites from setting cookies by changing the settings of your browser. Please note that blocking or disabling certain cookies may interfere with certain functionalities of some parts of our Platform.

Interest-based Advertising We use information collected about a user’s use of our Platform to arrange for advertisements about our Service to be served to a user on third-party websites in accordance with our e-Marketing Policy. To do so, our advertising service provider places or recognizes a unique cookie on the user’s browser and uses other techniques, such as pixel tags.

Opt-out of Interest-based Advertising You may opt-out of receiving interest-based advertising as explained below. The opt-out may be provided through specific opt-out cookies. Please note that using a new computer, using a different browser, upgrading certain browsers, or modifying or erasing a browser’s cookie file, may clear an opt-out cookie.

Please note that opting out of receiving interest-based advertising does not result in block all advertisements served to your equipment. You will continue receiving advertisements; these advertisements will be generic or based on the content of a webpage that you are visiting, instead of being targeted to your specific interests.

Please bear in mind that there are many more companies listed on these sites than those that place cookies on your device when you access our Platform.

Social Media You can edit or remove the permissions you have granted to SharpSpring to use information from your connected social media accounts by using the application privacy settings on your social media account. See the following for instructions on how to change or remove third party access on each platform:

Electronic Communications If you receive commercial electronic communications from us, you can unsubscribe from the receipt of future commercial electronic communications from us by clicking on the “unsubscribe link” provided in such communications.

Customers who have a registered account may also opt out of receiving commercial electronic communications by logging in to their SharpSpring account, clicking on “Settings,” “User Accounts,” selecting a user, then editing the options in “Notification Options.” We will comply with your request(s) within ten (10) working days.

Please also note that if you do opt out of receiving commercial electronic communications from us, we may still send you important administrative messages (such as updates about your account or service changes), and you cannot opt out from receiving these messages.

Right of Information, Access and Other Rights.

Accessing, Correcting or Deleting Your Information Registered Users who have an account with SharpSpring have the right to review, change, or suppress personal data that we have collected from them. There are several ways to do this.

You can update your account information and your profile settings by logging into your account.

You can also contact us as indicated in the “How to Contact Us” section.

We may need to retain certain information for mandatory record keeping purposes and/or to complete any transactions that you began prior to your request. Residual information may remain within our databases and other records, but it will no longer be tied to your identity.

We want each Registered User’s Information to be complete and accurate. To confirm the completeness and accuracy of, or make changes to, their Personal data, Registered Users are encouraged to visit their personal profile.

EU/EEA Residents: Data Subject Rights under the GDPR.

The EU General Data Protection Regulation (GDPR) grants individuals who are in the United Kingdom, the European Union and European Economic Area (EU/EEA) the following rights, with some limitations. Users may contact us, at the address provided in the “How to Contact us” section below, to exercise any of those rights and we will respond with the requested action or information, or will let you know why that right does not apply to you.

Right Not to Provide Consent or to Withdraw Consent We may seek to rely on your consent in order to process certain personal data. Where we do so, you have the right not to provide your consent, and the right to withdraw your consent at any time. If you withdraw your consent, this will not affect the lawfulness of the processing conducted based on consent before its withdraw.

Right of Access You have the right to obtain confirmation as to whether or not we collect or process personal data concerning you and, if this is the case, you have the right to request a copy of such personal data in digital format.

Right of Rectification You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.

Right of Erasure In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.

Right to Restrict Processing In certain circumstances, you have the right to request that we restrict the processing of the personal data that we have collected about you; for example, where you believe that the personal data that hold about you is not accurate or lawfully held.

Right to Data Portability In certain circumstances, you have the right to receive the personal data concerning you that you have provided us in a structured, commonly used, machine readable format, and the right to obtain that we transmit the data to another entity where technically feasible.

Right to Object to the Processing In certain circumstances, you have the right to request that we stop processing your personal data.

Right to Object to the Processing for Direct Marketing Purposes You have the right to request that we stop sending you marketing communications.

Right Not to be Subject to Decisions Based Solely on Automated Processing that Produce Legal Effects In certain circumstances, you have the right no to be subject to a decision based solely on automated processing – including profiling – that produces legal effects or similarly affects you.

Right to Complain to a Supervisory Authority You have the right to lodge complaint with a supervisory authority if you believe that our processing of personal data relating to you infringes the GDPR.

California Residents: Rights under California Law.

California requires operators of websites or similar services to make certain disclosures to users who reside in California regarding their rights, specifically:

Shine the Light Under California law, a business that has an established business relationship with an individual, and has, within the immediately preceding calendar year, disclosed personal data that is primarily used for personal, family or household purposes to third party for the third party’s direct marketing purposes, must disclose to its California users, upon request, the identity of any such third party, along with the type of personal data disclosed.

You can contact us to as provided in the “How to Contact Us” section. Please note that under California law, businesses are only required to respond to a user’s request once during any calendar year.

Do-Not-Track Some browsers give individuals the ability to communicate that they wish not to be tracked while browsing on the Internet. California law requires that we disclose to users how we treat do-not-track requests. The Internet industry has not yet agreed on a definition of what “Do Not Track” means, how compliance with “Do Not Track” would be measured or evaluated, or a common approach to responding to a “Do Not Track” signal. Due to the lack of guidance, we have not yet developed features that would recognize or respond to browser-initiated Do Not Track signals in response to California law.

In the meantime, there are technical means to prevent some of the tracking, if any. See Section “Your Advertising Choices.”

Children’s Privacy.

Our Platform is not directed to individuals under the age of 18. We do not solicit or knowingly collect Personal data from such individuals. If you become aware that a child has provided us with personal data, please contact us as indicated in the “How to Contact Us” section below. If we obtain actual knowledge that we have collected Personal data from a child under the age of 18, we will take steps to delete such information from our database.

How to Contact Us.

In General We would love to hear your questions, concerns, and feedback about this Notice.

Please note that email communications are not always secure; so please do not include credit card information or sensitive information in your emails to us.

Request to Exercise Individual Rights To exercise any of your rights as described in Section 15 and Section 16, please contact us in writing, via email or postal mail as indicated above, so that we may consider your request under applicable law. Please be aware that your request will not be accepted for review unless you provide the following:

The name, user ID, pseudonym, email address, or other identifier that you have used to use our Platform, or if you are not a registered user of the service, or have not otherwise previously interacted with us, your first and last name and an address where we can correspond with you.

State or Country in which you are located.

Clear description of the information or content you wish to receive or to be deleted or corrected, or the action you wish to be taken; and

Sufficient information to allow us to locate the content or information to be deleted, removed or corrected

For your protection, we may only implement requests with respect to the personal data associated with the particular email address that you use to send us your request.

In addition, please note that, depending on the nature of your inquiry, request or complaint, we may need to verify your identity before implementing your request and may require proof of identity, such as in the form of a government issued ID and proof of geographical address.

We will try to comply with your request as soon as reasonably practicable. However, we reserve the right to refuse to act on a request that is manifestly unfounded or excessive (for example because it is repetitive) and/or, in some cases, to charge a fee that takes into account the administrative costs for providing the information or the communication or taking the action requested.